Permit/deny lists and behavior
perl-list
perl-list at network1.net
Wed Nov 16 16:23:51 UTC 2022
The absence of any allow or deny keywords just means that the DHCP server does not consider if a client is known or unknown for that subnet.
If you add allow known-clients or allow unknown-clients then the inverse becomes true (deny known-clients and deny unknown-clients respectively).
You cannot have both an allow and a deny in the same subnet. It won't be considered a syntax error but it also won't do what you expect.
Known clients are defined by having a host {} entry.
Unknown clients mean they have no host {} entry.
You can also allow/deny members of a class {}. With these you might see multiple allow lines like:
allow members of "class1";
allow members of "class2";
----- Original Message -----
> From: "Marki" <dhcp-users at lists.roth.lu>
> To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> Sent: Wednesday, November 16, 2022 9:15:28 AM
> Subject: Permit/deny lists and behavior
> Hello,
> Maybe someone can enlighten me:
> The default seems to be that
> * dynamic address assignment to unknown clients is allowed ("allow
> unknown-clients" is implicit) and
> * at the same time static allocations are allowed as well ("allow
> known-clients" is implicit).
> This is kind of a contradiction to "If a pool has a permit list, then
> only those clients that match specific entries on the permit list will
> be eligible to be assigned addresses from the pool."
> Or does that mean if I explicitly write "allow known-clients", then
> unknown clients will be rejected? Is "unknown-clients" a "list" in that
> regard?
> Best regards,
> Marki
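The pool behaviour discussed in this thread, as an added dhcpd.conf fragment that is not part of the original messages. The addresses (documentation range 192.0.2.0/24), the MAC address, the host name and the class match rules are constructed placeholders; the class names are the ones used in the reply.

```conf
# Constructed example: addresses, MAC address and match strings are placeholders.

# A host {} entry is what makes a client "known".
host printer1 {
  hardware ethernet 00:00:5e:00:53:10;
}

# Classes referenced by the "allow members of" lines below.
class "class1" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
}
class "class2" {
  match if option vendor-class-identifier = "example-phone";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Permit list with one entry: only clients that have a host {} entry
  # are eligible for this range. Clients without one get no address here.
  pool {
    range 192.0.2.10 192.0.2.99;
    allow known-clients;
  }

  # Permit list with two entries: a client matching either class is
  # eligible. Everything else is ineligible for this range.
  pool {
    range 192.0.2.100 192.0.2.149;
    allow members of "class1";
    allow members of "class2";
  }

  # No allow/deny at all: known or unknown status is not considered,
  # so any client on the subnet may be served from this range.
  pool {
    range 192.0.2.150 192.0.2.199;
  }
}
```

Drop the third pool if clients that are neither known nor in one of the classes should receive no lease on this subnet; `dhcpd -t -cf <file>` checks the syntax without starting the server.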